Commit 939b5170 authored by redflo's avatar redflo

Rework of LDAP Authentication. Dropped PEAR::Auth_LDAP to get more

information from the directory. Added support for User information and
ldap group replication. Added support for ssl (ldaps), tls and redundant LDAP
server configuration.
parent 94843daa
......@@ -1171,6 +1171,7 @@ installer/schema/20090602_webmail_protocols_tiki.sql -text
installer/schema/20090605_tiki_p_modify_tracker_items_pending_closed_tiki.sql -text
installer/schema/20090617_add_new_table_for_reports_tiki.sql -text
installer/schema/20090623_actionlog_view_article_tiki.sql -text
installer/schema/20090626_change_pear_auth_preferences_to_ldap.sql -text
installer/shell.php -text
installer/tiki-installer.php -text
/jhot.php -text
......@@ -1477,6 +1478,7 @@ lib/ajax/lib/activex_off.js -text
lib/ajax/tiki-ajax.js -text
lib/articles/artlib.php -text
lib/articles/index.php -text
lib/auth/ldap.php -text
lib/bablotron.php -text
lib/ban/banlib.php -text
lib/ban/index.php -text
......@@ -2290,6 +2292,16 @@ lib/pear/Net/DNS/RR/SRV.php -text
lib/pear/Net/DNS/RR/TSIG.php -text
lib/pear/Net/DNS/RR/TXT.php -text
lib/pear/Net/DNS/Resolver.php -text
lib/pear/Net/LDAP2.php -text
lib/pear/Net/LDAP2/Entry.php -text
lib/pear/Net/LDAP2/Filter.php -text
lib/pear/Net/LDAP2/LDIF.php -text
lib/pear/Net/LDAP2/RootDSE.php -text
lib/pear/Net/LDAP2/Schema.php -text
lib/pear/Net/LDAP2/SchemaCache.interface.php -text
lib/pear/Net/LDAP2/Search.php -text
lib/pear/Net/LDAP2/SimpleFileSchemaCache.php -text
lib/pear/Net/LDAP2/Util.php -text
lib/pear/Net/Ping.php -text
lib/pear/Net/Socket.php -text
lib/pear/Net/URL.php -text
......
......@@ -2800,6 +2800,7 @@ CREATE TABLE users_groups (
userChoice char(1) default NULL,
groupDefCat int(12) default 0,
groupTheme varchar(255) default '',
isExternal char(1) default 'n',
PRIMARY KEY (id),
UNIQUE KEY groupName (groupName)
) ENGINE=MyISAM AUTO_INCREMENT=1;
......
update tiki_preferences set name='ldap_create_user_tiki' where name='auth_create_user_tiki';
update tiki_preferences set name='ldap_create_ldap_tiki' where name='auth_create_auth_tiki';
update tiki_preferences set name='ldap_skip_admin' where name='auth_skip_admin';
update tiki_preferences set name='auth_ldap_host' where name='auth_pear_host';
update tiki_preferences set name='auth_ldap_port' where name='auth_pear_port';
update tiki_preferences set value='ldap' where name='auth_method' and value='auth';
alter table users_groups add column(isExternal char default 'n');
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_RootDSE interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Jan Wagner <wagner@netsols.de>
* @copyright 2009 Jan Wagner
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @version CVS $Id: RootDSE.php,v 1.5 2009/04/30 08:02:37 beni Exp $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Includes
*/
require_once 'PEAR.php';
/**
* Getting the rootDSE entry of a LDAP server
*
* @category Net
* @package Net_LDAP2
* @author Jan Wagner <wagner@netsols.de>
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @link http://pear.php.net/package/Net_LDAP22/
*/
class Net_LDAP2_RootDSE extends PEAR
{
/**
* @access protected
* @var object Net_LDAP2_Entry
**/
protected $_entry;
/**
* Class constructor
*
* @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry object of the RootDSE
*/
protected function __construct(&$entry)
{
$this->_entry = $entry;
}
/**
* Fetches a RootDSE object from an LDAP connection
*
* @param Net_LDAP2 $ldap Directory from which the RootDSE should be fetched
* @param array $attrs Array of attributes to search for
*
* @access static
* @return Net_LDAP2_RootDSE|Net_LDAP2_Error
*/
public static function fetch($ldap, $attrs = null)
{
if (!$ldap instanceof Net_LDAP2) {
return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
}
if (is_array($attrs) && count($attrs) > 0 ) {
$attributes = $attrs;
} else {
$attributes = array('vendorName',
'vendorVersion',
'namingContexts',
'altServer',
'supportedExtension',
'supportedControl',
'supportedSASLMechanisms',
'supportedLDAPVersion',
'subschemaSubentry' );
}
$result = $ldap->search('', '(objectClass=*)', array('attributes' => $attributes, 'scope' => 'base'));
if (self::isError($result)) {
return $result;
}
$entry = $result->shiftEntry();
if (false === $entry) {
return PEAR::raiseError('Could not fetch RootDSE entry');
}
$ret = new Net_LDAP2_RootDSE($entry);
return $ret;
}
/**
* Gets the requested attribute value
*
* Same usuage as {@link Net_LDAP2_Entry::getValue()}
*
* @param string $attr Attribute name
* @param array $options Array of options
*
* @access public
* @return mixed Net_LDAP2_Error object or attribute values
* @see Net_LDAP2_Entry::get_value()
*/
public function getValue($attr = '', $options = '')
{
return $this->_entry->get_value($attr, $options);
}
/**
* Alias function of getValue() for perl-ldap interface
*
* @see getValue()
* @return mixed
*/
public function get_value()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'getValue' ), $args);
}
/**
* Determines if the extension is supported
*
* @param array $oids Array of oids to check
*
* @access public
* @return boolean
*/
public function supportedExtension($oids)
{
return $this->checkAttr($oids, 'supportedExtension');
}
/**
* Alias function of supportedExtension() for perl-ldap interface
*
* @see supportedExtension()
* @return boolean
*/
public function supported_extension()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'supportedExtension'), $args);
}
/**
* Determines if the version is supported
*
* @param array $versions Versions to check
*
* @access public
* @return boolean
*/
public function supportedVersion($versions)
{
return $this->checkAttr($versions, 'supportedLDAPVersion');
}
/**
* Alias function of supportedVersion() for perl-ldap interface
*
* @see supportedVersion()
* @return boolean
*/
public function supported_version()
{
$args = func_get_args();
return call_user_func_array(array(&$this, 'supportedVersion'), $args);
}
/**
* Determines if the control is supported
*
* @param array $oids Control oids to check
*
* @access public
* @return boolean
*/
public function supportedControl($oids)
{
return $this->checkAttr($oids, 'supportedControl');
}
/**
* Alias function of supportedControl() for perl-ldap interface
*
* @see supportedControl()
* @return boolean
*/
public function supported_control()
{
$args = func_get_args();
return call_user_func_array(array(&$this, 'supportedControl' ), $args);
}
/**
* Determines if the sasl mechanism is supported
*
* @param array $mechlist SASL mechanisms to check
*
* @access public
* @return boolean
*/
public function supportedSASLMechanism($mechlist)
{
return $this->checkAttr($mechlist, 'supportedSASLMechanisms');
}
/**
* Alias function of supportedSASLMechanism() for perl-ldap interface
*
* @see supportedSASLMechanism()
* @return boolean
*/
public function supported_sasl_mechanism()
{
$args = func_get_args();
return call_user_func_array(array(&$this, 'supportedSASLMechanism'), $args);
}
/**
* Checks for existance of value in attribute
*
* @param array $values values to check
* @param string $attr attribute name
*
* @access protected
* @return boolean
*/
protected function checkAttr($values, $attr)
{
if (!is_array($values)) $values = array($values);
foreach ($values as $value) {
if (!@in_array($value, $this->get_value($attr, 'all'))) {
return false;
}
}
return true;
}
}
?>
\ No newline at end of file
This diff is collapsed.
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the Net_LDAP2_SchemaCache interface class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @version CVS: $Id: SchemaCache.interface.php,v 1.3 2009/06/02 10:09:02 beni Exp $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* Interface describing a custom schema cache object
*
* To implement a custom schema cache, one must implement this interface and
* pass the instanciated object to Net_LDAP2s registerSchemaCache() method.
*/
interface Net_LDAP2_SchemaCache
{
/**
* Return the schema object from the cache
*
* Net_LDAP2 will consider anything returned invalid, except
* a valid Net_LDAP2_Schema object.
* In case you return a Net_LDAP2_Error, this error will be routed
* to the return of the $ldap->schema() call.
* If you return something else, Net_LDAP2 will
* fetch a fresh Schema object from the LDAP server.
*
* You may want to implement a cache aging mechanism here too.
*
* @return Net_LDAP2_Schema|Net_LDAP2_Error|false
*/
public function loadSchema();
/**
* Store a schema object in the cache
*
* This method will be called, if Net_LDAP2 has fetched a fresh
* schema object from LDAP and wants to init or refresh the cache.
*
* In case of errors you may return a Net_LDAP2_Error which will
* be routet to the client.
* Note that doing this prevents, that the schema object fetched from LDAP
* will be given back to the client, so only return errors if storing
* of the cache is something crucial (e.g. for doing something else with it).
* Normaly you dont want to give back errors in which case Net_LDAP2 needs to
* fetch the schema once per script run and instead use the error
* returned from loadSchema().
*
* @return true|Net_LDAP2_Error
*/
public function storeSchema($schema);
}
This diff is collapsed.
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/**
* File containing the example simple file based Schema Caching class.
*
* PHP version 5
*
* @category Net
* @package Net_LDAP2
* @author Benedikt Hallinger <beni@php.net>
* @copyright 2009 Benedikt Hallinger
* @license http://www.gnu.org/copyleft/lesser.html LGPL
* @version CVS: $Id: SimpleFileSchemaCache.php,v 1.3 2009/05/28 09:20:29 beni Exp $
* @link http://pear.php.net/package/Net_LDAP2/
*/
/**
* A simple file based schema cacher with cache aging.
*
* Once the cache is too old, the loadSchema() method will return false, so
* Net_LDAP2 will fetch a fresh object from the LDAP server that will
* overwrite the current (outdated) old cache.
*/
class Net_LDAP2_SimpleFileSchemaCache implements Net_LDAP2_SchemaCache
{
/**
* Internal config of this cache
*
* @see Net_LDAP2_SimpleFileSchemaCache()
* @var array
*/
protected $config = array(
'path' => '/tmp/Net_LDAP_Schema.cache',
'max_age' => 1200
);
/**
* Initialize the simple cache
*
* Config is as following:
* path Complete path to the cache file.
* max_age Maximum age of cache in seconds, 0 means "endlessly".
*
* @param array $cfg Config array
*/
public function Net_LDAP2_SimpleFileSchemaCache($cfg)
{
foreach ($cfg as $key => $value) {
if (array_key_exists($key, $this->config)) {
if (gettype($this->parameter[$key]) != gettype($value)) {
$this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key does not match type ".gettype($this->parameter[$key])."!");
}
$this->parameter[$key] = $value;
} else {
$this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key is not defined!");
}
}
}
/**
* Return the schema object from the cache
*
* If file is existent and cache has not expired yet,
* then the cache is deserialized and returned.
*
* @return Net_LDAP2_Schema|Net_LDAP2_Error|false
*/
public function loadSchema()
{
$return = false; // Net_LDAP2 will load schema from LDAP
if (file_exists($this->config['path'])) {
$cache_maxage = filemtime($this->config['path']) + $this->config['max_age'];
if (time() <= $cache_maxage || $this->config['max_age'] == 0) {
$return = unserialize(file_get_contents($this->config['path']));
}
}
return $return;
}
/**
* Store a schema object in the cache
*
* This method will be called, if Net_LDAP2 has fetched a fresh
* schema object from LDAP and wants to init or refresh the cache.
*
* To invalidate the cache and cause Net_LDAP2 to refresh the cache,
* you can call this method with null or false as value.
* The next call to $ldap->schema() will then refresh the caches object.
*
* @param mixed $schema The object that should be cached
* @return true|Net_LDAP2_Error|false
*/
public function storeSchema($schema) {
file_put_contents($this->config['path'], serialize($schema));
return true;
}
}
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment